CVE-2010-2062
https://notcve.org/view.php?id=CVE-2010-2062
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header. Desbordamiento de enteros en la función real_get_rdt_chunk en real.c, utilizado en modules/access/rtsp/real.c del reproductor multimedia VideoLAN VLC anterior a 1.0.1 y en stream/realrtsp/real.c en MPlayer anterior a r29447, permite a atacantes remotos ejecutar código arbitrario a través del valor longitud modificado en la cabecera RDT • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209afa842053aca http://openwall.com/lists/oss-security/2010/06/04/4 http://seclists.org/fulldisclosure/2009/Jul/418 https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow • CWE-189: Numeric Errors •
CVE-2013-4388
https://notcve.org/view.php?id=CVE-2013-4388
Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de buffer en el empaquetador mp4a (modules/packetizer/mpeg4audio.c) en VideoLAN VLC Media Player anterior a la versión 2.0.8 permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de vectores sin especificar. • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e http://secunia.com/advisories/59793 http://www.openwall.com/lists/oss-security/2013/10/01/2 http://www.securityfocus.com/bid/62724 http://www.securitytracker.com/id/1029120 http://www.videolan.org/developers/vlc-branch/NEWS https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-1954
https://notcve.org/view.php?id=CVE-2013-1954
The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read. El ASF Demuxer (modules/demux/asf/asf.c) en VideoLAN VLC media player v2.0.5 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un fichero ASF especialmente diseñado que genera una lectura fuera de los límites. • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e http://marc.info/?l=oss-security&m=136593191416152&w=2 http://marc.info/?l=oss-security&m=136610343501731&w=2 http://secunia.com/advisories/59793 http://trac.videolan.org/vlc/ticket/8024 http://www.osvdb.org/89598 http://www.securityfocus.com/bid/57333 http://www.videolan.org/security/sa1302.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-3245
https://notcve.org/view.php?id=CVE-2013-3245
plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine." A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow **EN DISPUTA** plugins/demux/libmkv_plugin.dll en VideoLAN VLC Media Player v2.0.7, y posiblemente otras versiones, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un archivo MKV especialmente diseñado, posiblemente provocando un desbordamiento de entero y fuera de los límites de lectura o desbordamiento de búfer basado en memoria dinámica, o una excepción no capturada. NOTA: el vendedor se afirmó que, "este PoC bloquea VLC, en efecto, pero no hace nada más ... esto no es un error de desbordamiento de entero, sino una excepción no capturada y dudo que sea explotable. • http://seclists.org/fulldisclosure/2013/Jul/71 http://seclists.org/fulldisclosure/2013/Jul/77 http://seclists.org/fulldisclosure/2013/Jul/79 http://secunia.com/advisories/52956 http://secunia.com/blog/372 http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia http://www.securityfocus.com/bid/61032 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVE-2012-5855
https://notcve.org/view.php?id=CVE-2012-5855
The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction. La función SHAddToRecentDocs en VideoLAN VLC media player v2.0.4 y versiones anteriores podría permitir a los atacantes asistidos por el usuario provocar una denegación de servicio (caída) a través de un nombre de archivo especialmente diseñado que genera una calculo de longitud de cadena incorrecto cuando se agrega el archivo a VLC. NOTA: no está claro si este problema puede saltarse los límites de privilegio o si puede ser explotado sin la interacción del usuario. • http://marc.info/?l=oss-security&m=135274330022215&w=2 http://www.securityfocus.com/archive/1/524626 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781 • CWE-189: Numeric Errors •